[KB5890] ESET Virtualization Security vCenter and Active Directory synchronization

Issue

  • Perform VMware synchronization and Active Directory synchronization with ESET Remote Administrator in vSphere
  • Client computers appear twice in ESET Remote Administrator installed on vSphere

Details

VMware synchronization identifies computers based on the UUID of virtual machines (VMs), whereas AD synchronization identifies computers based on DNS names.

NOTE: Import your vCenter CA
To run this task successfully, you must first import the vCenter CA into your ERA Server. You can export it via your web browser.

To export the certificate using the Firefox web browser, click the secure connection icon in the address bar > Show connection details > More Information > View certificate > Details > Export > Save.

Solution

Support for vSphere versions

ESET Virtualization Security supports vSphere version 6.7 and earlier only. 

By default, all protected machines are displayed under the name of the vAgent Host. To resolve their correct names, a synchronization with vCenter is needed to map them to the names used in vCenter.

I. VMware synchronization task

  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. How do I open ERA Web Console?

  2. Click Admin → Server Tasks → Static Group Synchronization → New.

Figure 1-1

  3. In the Basic section, type a name for the VMware synchronization task and select the Run task immediately after finish check box.

Figure 1-2

  4. Expand the Settings section and click Select next to Static Group Name. By default, the root for synchronized computers will be used, or you can create a new Static Group.

  5. Configure the additional settings to your preferences for how duplicates are handled:

    • Object to synchronize—You can choose either Computers and Groups, or Only Computers.

    • Computer creation collision handling—If the synchronization adds computers that are already members of the Static Group, you can select a conflict resolution method: Skip (synchronized computers will not be added) or Move (new computers will be moved to a subgroup).

    • Computer extinction handling—If a computer no longer exists, you can either Remove the computer or Skip.

    • Group extinction handling—If a group no longer exists, you can either Remove the group or Skip.

  6. Select VMware from the Synchronization Mode drop-down menu.

Figure 1-3

  7. In the Server connection settings section, type the DNS name or IP address of the VMware vCenter Server and the credentials used to access it. The value in the Server field must be the same as the CN of the imported vCenter CA. You can find this value in the Subject column of the Admin > Certificates > Certification Authorities window.

  8. In the Synchronization Settings section, configure the following settings for your system:

    1. Structure view—select the type of VMware structure that will be listed during the synchronization.

    2. Structure path—click Browse to navigate through nodes and enter the path in the VMware structure that will be listed. Leave it empty to synchronize the entire tree.

    3. Computer view—select the attribute that will be used as the computer name (for example, we recommend using Host Name).

Figure 1-4

  9. Select an existing trigger (or modify an existing trigger for this task) or create a new one using the Server Trigger Wizard, depending on your ESET Remote Administrator setup.

  10. Select the check box next to the Trigger Name you just added, and then click Finish.

Figure 1-5
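Added example (not ESET's own tooling): a shell check, run before creating the task, that the value you plan to type into the Server field equals the CN of the exported vCenter CA certificate, as the Server connection settings step requires. It assumes OpenSSL is installed and the certificate was saved in PEM format; the function names, the host name vcenter.example.test, the address 192.0.2.10 and the throwaway certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the planned Server field value with the CN of the
# exported vCenter CA certificate (PEM). Function names are hypothetical.

# Print the subject CN of a PEM certificate (empty if it has none).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# 0 = Server value equals the CN, 1 = it differs,
# 2 = file is not a readable certificate, has expired, or has no CN.
check_server_field() {
    cert=$1
    server=$2
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2
    cn=$(cert_cn "$cert")
    [ -n "$cn" ] || return 2
    [ "$cn" = "$server" ] && return 0
    return 1
}

# Constructed sample: throwaway self-signed certificate with the given CN.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Demo with constructed values: a DNS name that matches the CN and an
# IP address that does not.
demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir/ca.pem" "vcenter.example.test"
for candidate in "vcenter.example.test" "192.0.2.10"; do
    if check_server_field "$demo_dir/ca.pem" "$candidate"; then
        echo "OK: '$candidate' matches the certificate CN"
    else
        echo "MISMATCH: '$candidate' vs CN '$(cert_cn "$demo_dir/ca.pem")'"
    fi
done
rm -rf "$demo_dir"
```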


Continue to part II only if you still see duplicate entries in ESET Remote Administrator after deployment and after performing the VMware synchronization above.

II. Active Directory synchronization

Your vSphere environment will allow you to select Host Name as the identifier for client computers, which will in turn allow Active Directory (AD) synchronization to run without finding duplicates.

To create a new AD synchronization task, follow the instructions below:

  1. Click Admin → Server Tasks → Static Group Synchronization → New.
     
  2. Select the VM group you added in part I above, then select the objects in the AD that you want to synchronize from.
  3. Configure the additional settings to your preferences for how duplicates are handled:

    • Object to synchronize—You can choose either Computers and Groups, or Only Computers.

    • Computer creation collision handling—If the synchronization adds computers that are already members of the Static Group, you can select a conflict resolution method: Skip (synchronized computers will not be added) or Move (new computers will be moved to a subgroup).

    • Computer extinction handling—If a computer no longer exists, you can either Remove the computer or Skip.

    • Group extinction handling—If a group no longer exists, you can either Remove the group or Skip.

  4. Select Active Directory/Open Directory/LDAP from the Synchronization Mode drop-down menu. 
     
  5. In the Server Connection Settings section, type the DNS name or IP address of the VMware vCenter Server and type the credentials used to access VMware vCenter Server.
     
  6. If you want to use LDAP, select the Use LDAP instead of Active Directory check box and enter the specific attributes to match your server, or select a preset by clicking Custom and the attributes will be populated automatically.
     
  7. In the Synchronization Settings section, click Browse next to Distinguished Name and your Active Directory tree will be displayed. Select the specific VM group that you created in part I above and then click OK when you are finished.
     
  8. Select an existing trigger (or modify an existing trigger for this task) or create a new one using the Server Trigger Wizard, depending on your ESET Remote Administrator setup.
     
  9. Select the check box next to the Trigger Name you just added, and then click Finish.